1 /* BGP network related fucntions
2 * Copyright (C) 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24 #include "sockunion.h"
38 #include "lib_errors.h"
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_open.h"
43 #include "bgpd/bgp_fsm.h"
44 #include "bgpd/bgp_attr.h"
45 #include "bgpd/bgp_debug.h"
46 #include "bgpd/bgp_errors.h"
47 #include "bgpd/bgp_network.h"
48 #include "bgpd/bgp_zebra.h"
49 #include "bgpd/bgp_nht.h"
51 extern struct zebra_privs_t bgpd_privs
;
53 static char *bgp_get_bound_name(struct peer
*peer
);
55 void bgp_dump_listener_info(struct vty
*vty
)
57 struct listnode
*node
;
58 struct bgp_listener
*listener
;
60 vty_out(vty
, "Name fd Address\n");
61 vty_out(vty
, "---------------------------\n");
62 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
63 vty_out(vty
, "%-16s %d %pSU\n",
64 listener
->name
? listener
->name
: VRF_DEFAULT_NAME
,
65 listener
->fd
, &listener
->su
);
69 * Set MD5 key for the socket, for the given IPv4 peer address.
70 * If the password is NULL or zero-length, the option will be disabled.
72 static int bgp_md5_set_socket(int socket
, union sockunion
*su
,
73 uint16_t prefixlen
, const char *password
)
77 #if HAVE_DECL_TCP_MD5SIG
79 #endif /* HAVE_TCP_MD5SIG */
83 #if HAVE_DECL_TCP_MD5SIG
84 /* Ensure there is no extraneous port information. */
85 memcpy(&su2
, su
, sizeof(union sockunion
));
86 if (su2
.sa
.sa_family
== AF_INET
)
89 su2
.sin6
.sin6_port
= 0;
91 /* For addresses, use the non-extended signature functionality */
92 if ((su2
.sa
.sa_family
== AF_INET
&& prefixlen
== IPV4_MAX_BITLEN
)
93 || (su2
.sa
.sa_family
== AF_INET6
&& prefixlen
== IPV6_MAX_BITLEN
))
94 ret
= sockopt_tcp_signature(socket
, &su2
, password
);
96 ret
= sockopt_tcp_signature_ext(socket
, &su2
, prefixlen
,
99 #endif /* HAVE_TCP_MD5SIG */
106 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): This platform does not support MD5 auth for prefixes",
112 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): %s",
113 su
, socket
, safe_strerror(en
));
120 /* Helper for bgp_connect */
121 static int bgp_md5_set_connect(int socket
, union sockunion
*su
,
122 uint16_t prefixlen
, const char *password
)
126 #if HAVE_DECL_TCP_MD5SIG
127 frr_with_privs(&bgpd_privs
) {
128 ret
= bgp_md5_set_socket(socket
, su
, prefixlen
, password
);
130 #endif /* HAVE_TCP_MD5SIG */
135 static int bgp_md5_set_password(struct peer
*peer
, const char *password
)
137 struct listnode
*node
;
139 struct bgp_listener
*listener
;
142 * Set or unset the password on the listen socket(s). Outbound
143 * connections are taken care of in bgp_connect() below.
145 frr_with_privs(&bgpd_privs
) {
146 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
147 if (listener
->su
.sa
.sa_family
==
148 peer
->su
.sa
.sa_family
) {
150 peer
->su
.sa
.sa_family
== AF_INET
155 * if we have stored a BGP vrf instance in the
156 * listener it must match the bgp instance in
157 * the peer otherwise the peer bgp instance
158 * must be the default vrf or a view instance
160 if (!listener
->bgp
) {
161 if (peer
->bgp
->vrf_id
!= VRF_DEFAULT
)
163 } else if (listener
->bgp
!= peer
->bgp
)
166 ret
= bgp_md5_set_socket(listener
->fd
,
167 &peer
->su
, prefixlen
,
175 int bgp_md5_set_prefix(struct bgp
*bgp
, struct prefix
*p
, const char *password
)
179 struct listnode
*node
;
180 struct bgp_listener
*listener
;
182 /* Set or unset the password on the listen socket(s). */
183 frr_with_privs(&bgpd_privs
) {
184 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
185 if (listener
->su
.sa
.sa_family
== p
->family
186 && ((bgp
->vrf_id
== VRF_DEFAULT
)
187 || (listener
->bgp
== bgp
))) {
188 prefix2sockunion(p
, &su
);
189 ret
= bgp_md5_set_socket(listener
->fd
, &su
,
199 int bgp_md5_unset_prefix(struct bgp
*bgp
, struct prefix
*p
)
201 return bgp_md5_set_prefix(bgp
, p
, NULL
);
204 int bgp_md5_set(struct peer
*peer
)
206 /* Set the password from listen socket. */
207 return bgp_md5_set_password(peer
, peer
->password
);
210 int bgp_md5_unset(struct peer
*peer
)
212 /* Unset the password from listen socket. */
213 return bgp_md5_set_password(peer
, NULL
);
216 int bgp_set_socket_ttl(struct peer
*peer
, int bgp_sock
)
220 if (!peer
->gtsm_hops
) {
221 ret
= sockopt_ttl(peer
->su
.sa
.sa_family
, bgp_sock
, peer
->ttl
);
225 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
226 __func__
, &peer
->remote_id
, errno
);
230 /* On Linux, setting minttl without setting ttl seems to mess
232 outgoing ttl. Therefore setting both.
234 ret
= sockopt_ttl(peer
->su
.sa
.sa_family
, bgp_sock
, MAXTTL
);
238 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
239 __func__
, &peer
->remote_id
, errno
);
242 ret
= sockopt_minttl(peer
->su
.sa
.sa_family
, bgp_sock
,
243 MAXTTL
+ 1 - peer
->gtsm_hops
);
247 "%s: Can't set MinTTL on peer (rtrid %pI4) socket, err = %d",
248 __func__
, &peer
->remote_id
, errno
);
257 * Obtain the BGP instance that the incoming connection should be processed
258 * against. This is important because more than one VRF could be using the
259 * same IP address space. The instance is got by obtaining the device to
260 * which the incoming connection is bound to. This could either be a VRF
261 * or it could be an interface, which in turn determines the VRF.
263 static int bgp_get_instance_for_inc_conn(int sock
, struct bgp
**bgp_inst
)
265 #ifndef SO_BINDTODEVICE
266 /* only Linux has SO_BINDTODEVICE, but we're in Linux-specific code here
267 * anyway since the assumption is that the interface name returned by
268 * getsockopt() is useful in identifying the VRF, particularly with
270 * VRF l3master device. The whole mechanism is specific to Linux, so...
271 * when other platforms add VRF support, this will need handling here as
272 * well. (or, some restructuring) */
273 *bgp_inst
= bgp_get_default();
277 char name
[VRF_NAMSIZ
+ 1];
278 socklen_t name_len
= VRF_NAMSIZ
;
281 struct listnode
*node
, *nnode
;
285 rc
= getsockopt(sock
, SOL_SOCKET
, SO_BINDTODEVICE
, name
, &name_len
);
287 #if defined(HAVE_CUMULUS)
288 flog_err(EC_LIB_SOCKET
,
289 "[Error] BGP SO_BINDTODEVICE get failed (%s), sock %d",
290 safe_strerror(errno
), sock
);
296 *bgp_inst
= bgp_get_default();
297 return 0; /* default instance. */
300 /* First try match to instance; if that fails, check for interfaces. */
301 bgp
= bgp_lookup_by_name(name
);
303 if (!bgp
->vrf_id
) // unexpected
309 /* TODO - This will be optimized once interfaces move into the NS */
310 for (ALL_LIST_ELEMENTS(bm
->bgp
, node
, nnode
, bgp
)) {
311 struct interface
*ifp
;
313 if (bgp
->inst_type
== BGP_INSTANCE_TYPE_VIEW
)
316 ifp
= if_lookup_by_name(name
, bgp
->vrf_id
);
323 /* We didn't match to either an instance or an interface. */
328 static void bgp_socket_set_buffer_size(const int fd
)
330 if (getsockopt_so_sendbuf(fd
) < (int)bm
->socket_buffer
)
331 setsockopt_so_sendbuf(fd
, bm
->socket_buffer
);
332 if (getsockopt_so_recvbuf(fd
) < (int)bm
->socket_buffer
)
333 setsockopt_so_recvbuf(fd
, bm
->socket_buffer
);
336 /* Accept bgp connection. */
337 static void bgp_accept(struct thread
*thread
)
342 struct bgp_listener
*listener
= THREAD_ARG(thread
);
345 char buf
[SU_ADDRSTRLEN
];
346 struct bgp
*bgp
= NULL
;
350 bgp
= bgp_lookup_by_name(listener
->name
);
352 /* Register accept thread. */
353 accept_sock
= THREAD_FD(thread
);
354 if (accept_sock
< 0) {
355 flog_err_sys(EC_LIB_SOCKET
,
356 "[Error] BGP accept socket fd is negative: %d",
361 thread_add_read(bm
->master
, bgp_accept
, listener
, accept_sock
,
364 /* Accept client connection. */
365 bgp_sock
= sockunion_accept(accept_sock
, &su
);
366 int save_errno
= errno
;
368 if (save_errno
== EINVAL
) {
370 bgp
? vrf_lookup_by_id(bgp
->vrf_id
) : NULL
;
373 * It appears that sometimes, when VRFs are deleted on
374 * the system, it takes a little while for us to get
375 * notified about that. In the meantime we endlessly
376 * loop on accept(), because the socket, having been
377 * bound to a now-deleted VRF device, is in some weird
378 * state which causes accept() to fail.
380 * To avoid this, if we see accept() fail with EINVAL,
381 * we cancel ourselves and trust that when the VRF
382 * deletion notification comes in the event handler for
383 * that will take care of cleaning us up.
387 "[Error] accept() failed with error \"%s\" on BGP listener socket %d for BGP instance in VRF \"%s\"; refreshing socket",
388 safe_strerror(save_errno
), accept_sock
,
390 THREAD_OFF(listener
->thread
);
394 "[Error] BGP socket accept failed (%s); retrying",
395 safe_strerror(save_errno
));
399 set_nonblocking(bgp_sock
);
401 /* Obtain BGP instance this connection is meant for.
402 * - if it is a VRF netns sock, then BGP is in listener structure
403 * - otherwise, the bgp instance need to be demultiplexed
407 else if (bgp_get_instance_for_inc_conn(bgp_sock
, &bgp
)) {
408 if (bgp_debug_neighbor_events(NULL
))
410 "[Event] Could not get instance for incoming conn from %s",
411 inet_sutop(&su
, buf
));
416 bgp_socket_set_buffer_size(bgp_sock
);
418 /* Check remote IP address */
419 peer1
= peer_lookup(bgp
, &su
);
422 peer1
= peer_lookup_dynamic_neighbor(bgp
, &su
);
424 /* Dynamic neighbor has been created, let it proceed */
425 peer1
->fd
= bgp_sock
;
427 /* Set the user configured MSS to TCP socket */
428 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_TCP_MSS
))
429 sockopt_tcp_mss_set(bgp_sock
, peer1
->tcp_mss
);
431 bgp_fsm_change_status(peer1
, Active
);
433 peer1
->t_start
); /* created in peer_create() */
435 if (peer_active(peer1
)) {
436 if (CHECK_FLAG(peer1
->flags
,
437 PEER_FLAG_TIMER_DELAYOPEN
))
440 TCP_connection_open_w_delay
);
443 TCP_connection_open
);
451 if (bgp_debug_neighbor_events(NULL
)) {
453 "[Event] %s connection rejected(%s:%u:%s) - not configured and not valid for dynamic",
454 inet_sutop(&su
, buf
), bgp
->name_pretty
, bgp
->as
,
455 VRF_LOGNAME(vrf_lookup_by_id(bgp
->vrf_id
)));
461 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_SHUTDOWN
)
462 || CHECK_FLAG(peer1
->bgp
->flags
, BGP_FLAG_SHUTDOWN
)) {
463 if (bgp_debug_neighbor_events(peer1
))
465 "[Event] connection from %s rejected(%s:%u:%s) due to admin shutdown",
466 inet_sutop(&su
, buf
), bgp
->name_pretty
, bgp
->as
,
467 VRF_LOGNAME(vrf_lookup_by_id(bgp
->vrf_id
)));
473 * Do not accept incoming connections in Clearing state. This can result
474 * in incorect state transitions - e.g., the connection goes back to
475 * Established and then the Clearing_Completed event is generated. Also,
476 * block incoming connection in Deleted state.
478 if (peer1
->status
== Clearing
|| peer1
->status
== Deleted
) {
479 if (bgp_debug_neighbor_events(peer1
))
481 "[Event] Closing incoming conn for %s (%p) state %d",
482 peer1
->host
, peer1
, peer1
->status
);
487 /* Check that at least one AF is activated for the peer. */
488 if (!peer_active(peer1
)) {
489 if (bgp_debug_neighbor_events(peer1
))
491 "%s - incoming conn rejected - no AF activated for peer",
497 /* Do not try to reconnect if the peer reached maximum
498 * prefixes, restart timer is still running or the peer
501 if (BGP_PEER_START_SUPPRESSED(peer1
)) {
502 if (bgp_debug_neighbor_events(peer1
))
504 "[Event] Incoming BGP connection rejected from %s due to maximum-prefix or shutdown",
510 if (bgp_debug_neighbor_events(peer1
))
511 zlog_debug("[Event] BGP connection from host %s fd %d",
512 inet_sutop(&su
, buf
), bgp_sock
);
514 if (peer1
->doppelganger
) {
515 /* We have an existing connection. Kill the existing one and run
518 if (bgp_debug_neighbor_events(peer1
))
520 "[Event] New active connection from peer %s, Killing previous active connection",
522 peer_delete(peer1
->doppelganger
);
525 if (bgp_set_socket_ttl(peer1
, bgp_sock
) < 0)
526 if (bgp_debug_neighbor_events(peer1
))
528 "[Event] Unable to set min/max TTL on peer %s, Continuing",
531 peer
= peer_create(&su
, peer1
->conf_if
, peer1
->bgp
, peer1
->local_as
,
532 peer1
->as
, peer1
->as_type
, NULL
);
533 hash_release(peer
->bgp
->peerhash
, peer
);
534 (void)hash_get(peer
->bgp
->peerhash
, peer
, hash_alloc_intern
);
536 peer_xfer_config(peer
, peer1
);
537 bgp_peer_gr_flags_update(peer
);
539 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer
->bgp
,
542 if (bgp_peer_gr_mode_get(peer
) == PEER_DISABLE
) {
544 UNSET_FLAG(peer
->sflags
, PEER_STATUS_NSF_MODE
);
546 if (CHECK_FLAG(peer
->sflags
, PEER_STATUS_NSF_WAIT
)) {
551 UNSET_FLAG(peer
->flags
, PEER_FLAG_CONFIG_NODE
);
553 peer
->doppelganger
= peer1
;
554 peer1
->doppelganger
= peer
;
556 frr_with_privs(&bgpd_privs
) {
557 vrf_bind(peer
->bgp
->vrf_id
, bgp_sock
, bgp_get_bound_name(peer
));
559 bgp_peer_reg_with_nht(peer
);
560 bgp_fsm_change_status(peer
, Active
);
561 BGP_TIMER_OFF(peer
->t_start
); /* created in peer_create() */
563 SET_FLAG(peer
->sflags
, PEER_STATUS_ACCEPT_PEER
);
564 /* Make dummy peer until read Open packet. */
565 if (peer_established(peer1
)
566 && CHECK_FLAG(peer1
->sflags
, PEER_STATUS_NSF_MODE
)) {
567 /* If we have an existing established connection with graceful
569 * capability announced with one or more address families, then
571 * existing established connection and move state to connect.
573 peer1
->last_reset
= PEER_DOWN_NSF_CLOSE_SESSION
;
575 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_GRACEFUL_RESTART
)
576 || CHECK_FLAG(peer1
->flags
,
577 PEER_FLAG_GRACEFUL_RESTART_HELPER
))
578 SET_FLAG(peer1
->sflags
, PEER_STATUS_NSF_WAIT
);
580 bgp_event_update(peer1
, TCP_connection_closed
);
583 if (peer_active(peer
)) {
584 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_TIMER_DELAYOPEN
))
585 BGP_EVENT_ADD(peer
, TCP_connection_open_w_delay
);
587 BGP_EVENT_ADD(peer
, TCP_connection_open
);
591 * If we are doing nht for a peer that is v6 LL based
592 * massage the event system to make things happy
594 bgp_nht_interface_events(peer
);
597 /* BGP socket bind. */
598 static char *bgp_get_bound_name(struct peer
*peer
)
603 if ((peer
->bgp
->vrf_id
== VRF_DEFAULT
) && !peer
->ifname
607 if (peer
->su
.sa
.sa_family
!= AF_INET
608 && peer
->su
.sa
.sa_family
!= AF_INET6
)
609 return NULL
; // unexpected
611 /* For IPv6 peering, interface (unnumbered or link-local with interface)
612 * takes precedence over VRF. For IPv4 peering, explicit interface or
613 * VRF are the situations to bind.
615 if (peer
->su
.sa
.sa_family
== AF_INET6
&& peer
->conf_if
)
616 return peer
->conf_if
;
621 if (peer
->bgp
->inst_type
== BGP_INSTANCE_TYPE_VIEW
)
624 return peer
->bgp
->name
;
627 int bgp_update_address(struct interface
*ifp
, const union sockunion
*dst
,
628 union sockunion
*addr
)
630 struct prefix
*p
, *sel
, d
;
631 struct connected
*connected
;
632 struct listnode
*node
;
635 if (!sockunion2hostprefix(dst
, &d
))
641 for (ALL_LIST_ELEMENTS_RO(ifp
->connected
, node
, connected
)) {
642 p
= connected
->address
;
643 if (p
->family
!= d
.family
)
645 if (prefix_common_bits(p
, &d
) > common
) {
647 common
= prefix_common_bits(sel
, &d
);
654 prefix2sockunion(sel
, addr
);
658 /* Update source selection. */
659 static int bgp_update_source(struct peer
*peer
)
661 struct interface
*ifp
;
662 union sockunion addr
;
665 sockunion_init(&addr
);
667 /* Source is specified with interface name. */
668 if (peer
->update_if
) {
669 ifp
= if_lookup_by_name(peer
->update_if
, peer
->bgp
->vrf_id
);
673 if (bgp_update_address(ifp
, &peer
->su
, &addr
))
676 ret
= sockunion_bind(peer
->fd
, &addr
, 0, &addr
);
679 /* Source is specified with IP address. */
680 if (peer
->update_source
)
681 ret
= sockunion_bind(peer
->fd
, peer
->update_source
, 0,
682 peer
->update_source
);
687 /* BGP try to connect to the peer. */
688 int bgp_connect(struct peer
*peer
)
690 assert(!CHECK_FLAG(peer
->thread_flags
, PEER_THREAD_WRITES_ON
));
691 assert(!CHECK_FLAG(peer
->thread_flags
, PEER_THREAD_READS_ON
));
692 ifindex_t ifindex
= 0;
694 if (peer
->conf_if
&& BGP_PEER_SU_UNSPEC(peer
)) {
695 if (bgp_debug_neighbor_events(peer
))
696 zlog_debug("Peer address not learnt: Returning from connect");
699 frr_with_privs(&bgpd_privs
) {
700 /* Make socket for the peer. */
701 peer
->fd
= vrf_sockunion_socket(&peer
->su
, peer
->bgp
->vrf_id
,
702 bgp_get_bound_name(peer
));
705 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
706 if (bgp_debug_neighbor_events(peer
))
707 zlog_debug("%s: Failure to create socket for connection to %s, error received: %s(%d)",
708 __func__
, peer
->host
, safe_strerror(errno
),
713 set_nonblocking(peer
->fd
);
715 /* Set the user configured MSS to TCP socket */
716 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_TCP_MSS
))
717 sockopt_tcp_mss_set(peer
->fd
, peer
->tcp_mss
);
719 bgp_socket_set_buffer_size(peer
->fd
);
721 if (bgp_set_socket_ttl(peer
, peer
->fd
) < 0) {
722 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
723 if (bgp_debug_neighbor_events(peer
))
724 zlog_debug("%s: Failure to set socket ttl for connection to %s, error received: %s(%d)",
725 __func__
, peer
->host
, safe_strerror(errno
),
730 sockopt_reuseaddr(peer
->fd
);
731 sockopt_reuseport(peer
->fd
);
733 #ifdef IPTOS_PREC_INTERNETCONTROL
734 frr_with_privs(&bgpd_privs
) {
735 if (sockunion_family(&peer
->su
) == AF_INET
)
736 setsockopt_ipv4_tos(peer
->fd
, bm
->tcp_dscp
);
737 else if (sockunion_family(&peer
->su
) == AF_INET6
)
738 setsockopt_ipv6_tclass(peer
->fd
, bm
->tcp_dscp
);
742 if (peer
->password
) {
743 uint16_t prefixlen
= peer
->su
.sa
.sa_family
== AF_INET
747 bgp_md5_set_connect(peer
->fd
, &peer
->su
, prefixlen
,
751 /* Update source bind. */
752 if (bgp_update_source(peer
) < 0) {
753 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
754 return connect_error
;
757 if (peer
->conf_if
|| peer
->ifname
)
758 ifindex
= ifname2ifindex(peer
->conf_if
? peer
->conf_if
762 if (bgp_debug_neighbor_events(peer
))
763 zlog_debug("%s [Event] Connect start to %s fd %d", peer
->host
,
764 peer
->host
, peer
->fd
);
766 /* Connect to the remote peer. */
767 return sockunion_connect(peer
->fd
, &peer
->su
, htons(peer
->port
),
771 /* After TCP connection is established. Get local address and port. */
772 int bgp_getsockname(struct peer
*peer
)
774 if (peer
->su_local
) {
775 sockunion_free(peer
->su_local
);
776 peer
->su_local
= NULL
;
779 if (peer
->su_remote
) {
780 sockunion_free(peer
->su_remote
);
781 peer
->su_remote
= NULL
;
784 peer
->su_local
= sockunion_getsockname(peer
->fd
);
787 peer
->su_remote
= sockunion_getpeername(peer
->fd
);
788 if (!peer
->su_remote
)
791 if (!bgp_zebra_nexthop_set(peer
->su_local
, peer
->su_remote
,
792 &peer
->nexthop
, peer
)) {
793 flog_err(EC_BGP_NH_UPD
,
794 "%s: nexthop_set failed, resetting connection - intf %p",
795 peer
->host
, peer
->nexthop
.ifp
);
802 static int bgp_listener(int sock
, struct sockaddr
*sa
, socklen_t salen
,
805 struct bgp_listener
*listener
;
808 sockopt_reuseaddr(sock
);
809 sockopt_reuseport(sock
);
811 frr_with_privs(&bgpd_privs
) {
813 #ifdef IPTOS_PREC_INTERNETCONTROL
814 if (sa
->sa_family
== AF_INET
)
815 setsockopt_ipv4_tos(sock
, bm
->tcp_dscp
);
816 else if (sa
->sa_family
== AF_INET6
)
817 setsockopt_ipv6_tclass(sock
, bm
->tcp_dscp
);
820 sockopt_v6only(sa
->sa_family
, sock
);
822 ret
= bind(sock
, sa
, salen
);
827 flog_err_sys(EC_LIB_SOCKET
, "bind: %s", safe_strerror(en
));
831 ret
= listen(sock
, SOMAXCONN
);
833 flog_err_sys(EC_LIB_SOCKET
, "listen: %s", safe_strerror(errno
));
837 listener
= XCALLOC(MTYPE_BGP_LISTENER
, sizeof(*listener
));
839 listener
->name
= XSTRDUP(MTYPE_BGP_LISTENER
, bgp
->name
);
841 /* this socket is in a vrf record bgp back pointer */
842 if (bgp
->vrf_id
!= VRF_DEFAULT
)
845 memcpy(&listener
->su
, sa
, salen
);
846 thread_add_read(bm
->master
, bgp_accept
, listener
, sock
,
848 listnode_add(bm
->listen_sockets
, listener
);
853 /* IPv6 supported version of BGP server socket setup. */
854 int bgp_socket(struct bgp
*bgp
, unsigned short port
, const char *address
)
856 struct addrinfo
*ainfo
;
857 struct addrinfo
*ainfo_save
;
858 static const struct addrinfo req
= {
859 .ai_family
= AF_UNSPEC
,
860 .ai_flags
= AI_PASSIVE
,
861 .ai_socktype
= SOCK_STREAM
,
864 char port_str
[BUFSIZ
];
866 snprintf(port_str
, sizeof(port_str
), "%d", port
);
867 port_str
[sizeof(port_str
) - 1] = '\0';
869 frr_with_privs(&bgpd_privs
) {
870 ret
= vrf_getaddrinfo(address
, port_str
, &req
, &ainfo_save
,
874 flog_err_sys(EC_LIB_SOCKET
, "getaddrinfo: %s",
878 if (bgp_option_check(BGP_OPT_NO_ZEBRA
) &&
879 bgp
->vrf_id
!= VRF_DEFAULT
) {
880 freeaddrinfo(ainfo_save
);
884 for (ainfo
= ainfo_save
; ainfo
; ainfo
= ainfo
->ai_next
) {
887 if (ainfo
->ai_family
!= AF_INET
&& ainfo
->ai_family
!= AF_INET6
)
890 frr_with_privs(&bgpd_privs
) {
891 sock
= vrf_socket(ainfo
->ai_family
,
896 == BGP_INSTANCE_TYPE_VRF
897 ? bgp
->name
: NULL
));
900 flog_err_sys(EC_LIB_SOCKET
, "socket: %s",
901 safe_strerror(errno
));
905 /* if we intend to implement ttl-security, this socket needs
907 sockopt_ttl(ainfo
->ai_family
, sock
, MAXTTL
);
909 ret
= bgp_listener(sock
, ainfo
->ai_addr
, ainfo
->ai_addrlen
,
916 freeaddrinfo(ainfo_save
);
917 if (count
== 0 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
) {
920 "%s: no usable addresses please check other programs usage of specified port %d",
922 flog_err_sys(EC_LIB_SOCKET
, "%s: Program cannot continue",
930 /* this function closes vrf socket
931 * this should be called only for vrf socket with netns backend
933 void bgp_close_vrf_socket(struct bgp
*bgp
)
935 struct listnode
*node
, *next
;
936 struct bgp_listener
*listener
;
941 if (bm
->listen_sockets
== NULL
)
944 for (ALL_LIST_ELEMENTS(bm
->listen_sockets
, node
, next
, listener
)) {
945 if (listener
->bgp
== bgp
) {
946 THREAD_OFF(listener
->thread
);
948 listnode_delete(bm
->listen_sockets
, listener
);
949 XFREE(MTYPE_BGP_LISTENER
, listener
->name
);
950 XFREE(MTYPE_BGP_LISTENER
, listener
);
955 /* this function closes main socket
959 struct listnode
*node
, *next
;
960 struct bgp_listener
*listener
;
962 if (bm
->listen_sockets
== NULL
)
965 for (ALL_LIST_ELEMENTS(bm
->listen_sockets
, node
, next
, listener
)) {
968 THREAD_OFF(listener
->thread
);
970 listnode_delete(bm
->listen_sockets
, listener
);
971 XFREE(MTYPE_BGP_LISTENER
, listener
->name
);
972 XFREE(MTYPE_BGP_LISTENER
, listener
);